etch 3.13 → 3.15.0

data/Rakefile

@@ -3,7 +3,7 @@ spec = Gem::Specification.new do |s|
   s.name	= 'etch'
   s.summary	= 'Etch system configuration management client'
   s.add_dependency('facter')
-  s.version = '3.13'
+  s.version = '3.15.0'
   s.author = 'Jason Heiss'
   s.email = 'etch-users@lists.sourceforge.net'
   s.homepage = 'http://etch.sourceforge.net'

data/lib/etchclient.rb

@@ -35,13 +35,13 @@ require 'logger'
 require 'etch'
 
 class Etch::Client
-  VERSION = '3.13'
+  VERSION = '3.15.0'
   
   CONFIRM_PROCEED = 1
   CONFIRM_SKIP = 2
   CONFIRM_QUIT = 3
   PRIVATE_KEY_PATHS = ["/etc/ssh/ssh_host_rsa_key", "/etc/ssh_host_rsa_key"]
-  CONFIGDIR = '/etc/etch'
+  CONFIGDIR = '/etc'
   
   # We need these in relation to the output capturing
   ORIG_STDOUT = STDOUT.dup
@@ -141,17 +141,17 @@ class Etch::Client
       http = Net::HTTP.new(@filesuri.host, @filesuri.port)
       if @filesuri.scheme == "https"
         # Eliminate the OpenSSL "using default DH parameters" warning
-        if File.exist?(File.join(CONFIGDIR, 'dhparams'))
-          dh = OpenSSL::PKey::DH.new(IO.read(File.join(CONFIGDIR, 'dhparams')))
+        if File.exist?(File.join(CONFIGDIR, 'etch', 'dhparams'))
+          dh = OpenSSL::PKey::DH.new(IO.read(File.join(CONFIGDIR, 'etch', 'dhparams')))
           Net::HTTP.ssl_context_accessor(:tmp_dh_callback)
           http.tmp_dh_callback = proc { dh }
         end
         http.use_ssl = true
-        if File.exist?(File.join(CONFIGDIR, 'ca.pem'))
-          http.ca_file = File.join(CONFIGDIR, 'ca.pem')
+        if File.exist?(File.join(CONFIGDIR, 'etch', 'ca.pem'))
+          http.ca_file = File.join(CONFIGDIR, 'etch', 'ca.pem')
           http.verify_mode = OpenSSL::SSL::VERIFY_PEER
-        elsif File.directory?(File.join(CONFIGDIR, 'ca'))
-          http.ca_path = File.join(CONFIGDIR, 'ca')
+        elsif File.directory?(File.join(CONFIGDIR, 'etch', 'ca'))
+          http.ca_path = File.join(CONFIGDIR, 'etch', 'ca')
           http.verify_mode = OpenSSL::SSL::VERIFY_PEER
         end
       end
@@ -403,7 +403,9 @@ class Etch::Client
       rescue Exception => e
         status = 1
         $stderr.puts e.message
+        message << e.message
         $stderr.puts e.backtrace.join("\n") if @debug
+        message << e.backtrace.join("\n") if @debug
       end  # begin/rescue
     end  # catch
     
@@ -540,8 +542,10 @@ class Etch::Client
         # original file.
         if config.elements['/config/revert']
           origpathbase = File.join(@origbase, file)
+          origpath = nil
 
           # Restore the original file if it is around
+          revert_occurred = false
           if File.exist?("#{origpathbase}.ORIG")
             origpath = "#{origpathbase}.ORIG"
             origdir = File.dirname(origpath)
@@ -553,10 +557,7 @@ class Etch::Client
 
             puts "Restoring #{origpath} to #{file}"
             recursive_copy_and_rename(origdir, origbase, file) if (!@dryrun)
-
-            # Now remove the backed-up original so that future runs
-            # don't do anything
-            remove_file(origpath) if (!@dryrun)
+            revert_occurred = true
           elsif File.exist?("#{origpathbase}.TAR")
             origpath = "#{origpathbase}.TAR"
             filedir = File.dirname(file)
@@ -566,19 +567,24 @@ class Etch::Client
 
             puts "Restoring #{file} from #{origpath}"
             system("cd #{filedir} && tar xf #{origpath}") if (!@dryrun)
-
-            # Now remove the backed-up original so that future runs
-            # don't do anything
-            remove_file(origpath) if (!@dryrun)
+            revert_occurred = true
           elsif File.exist?("#{origpathbase}.NOORIG")
             origpath = "#{origpathbase}.NOORIG"
             puts "Original #{file} didn't exist, restoring that state"
 
             # Remove anything we might have written out for this file
             remove_file(file) if (!@dryrun)
+            revert_occurred = true
+          end
+
+          # Update the history log
+          if revert_occurred
+            save_history(file)
+          end
 
-            # Now remove the backed-up original so that future runs
-            # don't do anything
+          # Now remove the backed-up original so that future runs
+          # don't do anything
+          if origpath
             remove_file(origpath) if (!@dryrun)
           end
 
@@ -1696,109 +1702,112 @@ class Etch::Client
 
     origpath
   end
-
+  
   # This subroutine maintains a revision history for the file in @historybase
   def save_history(file)
-    histpath = File.join(@historybase, "#{file}.HISTORY")
+    histdir = File.join(@historybase, "#{file}.HISTORY")
+    current = File.join(histdir, 'current')
+    
+    # Migrate old RCS history
+    if File.file?(histdir) && File.directory?(File.join(File.dirname(histdir), 'RCS'))
+      if !@dryrun
+        puts "Migrating old RCS history to new format"
+        rcsmax = nil
+        IO.popen("rlog #{histdir}") do |pipe|
+          pipe.each do |line|
+            if line =~ /^head: 1.(.*)/
+              rcsmax = $1.to_i
+              break
+            end
+          end
+        end
+        if !rcsmax
+          raise "Failed to parse RCS history rlog output"
+        end
+        tmphistdir = tempdir(histdir)
+        1.upto(rcsmax) do |rcsrev|
+          rcsrevcontents = `co -q -p1.#{rcsrev} #{histdir}`
+          # rcsrev-1 because RCS starts revisions at 1.1 and we start files
+          # at 0000
+          File.open(File.join(tmphistdir, sprintf('%04d', rcsrev-1)), 'w') do |rcsrevfile|
+            rcsrevfile.write(rcsrevcontents)
+          end
+        end
+        FileUtils.copy(histdir, File.join(tmphistdir, 'current'))
+        File.delete(histdir)
+        File.rename(tmphistdir, histdir)
+      end
+    end
 
     # Make sure the directory tree for this file exists in the
     # directory we save history in.
-    histdir = File.dirname(histpath)
-    if !File.directory?(histdir)
-      puts "Making directory tree #{histdir}"
+    if !File.exist?(histdir)
+      puts "Making history directory #{histdir}"
       FileUtils.mkpath(histdir) if (!@dryrun)
     end
-    # Make sure the corresponding RCS directory exists as well.
-    histrcsdir = File.join(histdir, 'RCS')
-    if !File.directory?(histrcsdir)
-      puts "Making directory tree #{histrcsdir}"
-      FileUtils.mkpath(histrcsdir) if (!@dryrun)
-    end
-
-    # If the history log doesn't exist and we didn't just create the
-    # original backup, that indicates that the original backup was made
-    # previously but the history log was not started at the same time.
-    # There are a variety of reasons why this might be the case (the
-    # original was saved by a previous version of etch that didn't have
-    # the history log feature, or the original was saved manually by
-    # someone) but whatever the reason is we want to use the original
-    # backup to start the history log before updating the history log
-    # with the current file.
-    if !File.exist?(histpath) && !@first_update[file]
+    
+    # If the history log doesn't exist and we didn't just create the original
+    # backup then that indicates that the original backup was made previously
+    # but the history log was not started at the same time. There are a
+    # variety of reasons why this might be the case (the most likely is that
+    # the original was saved manually by someone) but whatever the reason is
+    # we want to use the original backup to start the history log before
+    # updating the history log with the current file.
+    if !File.exist?(File.join(histdir, 'current')) && !@first_update[file]
       origpath = save_orig(file)
       if File.file?(origpath) && !File.symlink?(origpath)
         puts "Starting history log with saved original file:  " +
-          "#{origpath} -> #{histpath}"
-        FileUtils.copy(origpath, histpath) if (!@dryrun)
+             "#{origpath} -> #{current}"
+        FileUtils.copy(origpath, current) if (!@dryrun)
       else
         puts "Starting history log with 'ls -ld' output for " +
-          "saved original file:  #{origpath} -> #{histpath}"
-        system("ls -ld #{origpath} > #{histpath} 2>&1") if (!@dryrun)
-      end
-      # Check the newly created history file into RCS
-      histbase = File.basename(histpath)
-      puts "Checking initial history log into RCS:  #{histpath}"
-      if !@dryrun
-        # The -m flag shouldn't be needed, but it won't hurt
-        # anything and if something is out of sync and an RCS file
-        # already exists it will prevent ci from going interactive.
-        system(
-          "cd #{histdir} && " +
-          "ci -q -t-'Original of an etch modified file' " +
-          "-m'Update of an etch modified file' #{histbase} && " +
-          "co -q -r -kb #{histbase}")
+             "saved original file:  #{origpath} -> #{current}"
+        system("ls -ld #{origpath} > #{current} 2>&1") if (!@dryrun)
       end
       set_history_permissions(file)
     end
-  
-    # Copy current file
-
-    # If the file already exists in RCS we need to check out a locked
-    # copy before updating it
-    histbase = File.basename(histpath)
-    rcsstatus = false
-    if !@dryrun
-      rcsstatus = system("cd #{histdir} && rlog -R #{histbase} > /dev/null 2>&1")
-    end
-    if rcsstatus
-      # set_history_permissions may set the checked-out file
-      # writeable, which normally causes co to abort.  Thus the -f
-      # flag.
-      system("cd #{histdir} && co -q -l -f #{histbase}") if !@dryrun
-    end
-
+    
+    # Make temporary copy of file
+    newcurrent = current+'.new'
     if File.file?(file) && !File.symlink?(file)
-      puts "Updating history log:  #{file} -> #{histpath}"
-      FileUtils.copy(file, histpath) if (!@dryrun)
+      puts "Updating history log:  #{file} -> #{current}"
+      if File.exist?(newcurrent)
+        remove_file(newcurrent)
+      end
+      FileUtils.copy(file, newcurrent) if (!@dryrun)
     else
-      puts "Updating history log with 'ls -ld' output:  " +
-        "#{histpath}"
-      system("ls -ld #{file} > #{histpath} 2>&1") if (!@dryrun)
+      puts "Updating history log with 'ls -ld' output:  #{file} -> #{current}"
+      system("ls -ld #{file} > #{newcurrent} 2>&1") if (!@dryrun)
     end
-
-    # Check the history file into RCS
-    puts "Checking history log update into RCS:  #{histpath}"
-    if !@dryrun
-      # We only need one of the -t or -m flags depending on whether
-      # the history log already exists or not, rather than try to
-      # keep track of which one we need just specify both and let RCS
-      # pick the one it needs.
-      system(
-        "cd #{histdir} && " +
-        "ci -q -t-'Original of an etch modified file' " +
-        "-m'Update of an etch modified file' #{histbase} && " +
-        "co -q -r -kb #{histbase}")
+    
+    # Roll current to next XXXX if current != XXXX
+    if File.exist?(current)
+      nextfile = '0000'
+      maxfile = Dir.entries(histdir).select{|e|e=~/^\d+/}.max
+      if maxfile
+        if compare_file_contents(File.join(histdir, maxfile), File.read(current))
+          nextfile = nil
+        else
+          nextfile = sprintf('%04d', maxfile.to_i + 1)
+        end
+      end
+      if nextfile
+        File.rename(current, File.join(histdir, nextfile)) if (!@dryrun)
+      end
     end
-
+    
+    # Move temporary copy to current
+    File.rename(current+'.new', current) if (!@dryrun)
+    
     set_history_permissions(file)
   end
-
+  
   # Ensures that the history log file has appropriate permissions to avoid
   # leaking information.
   def set_history_permissions(file)
     origpath = File.join(@origbase, "#{file}.ORIG")
-    histpath = File.join(@historybase, "#{file}.HISTORY")
-
+    histdir = File.join(@historybase, "#{file}.HISTORY")
+    
     # We set the permissions to the more restrictive of the original
     # file permissions and the current file permissions.
     origperms = 0777
@@ -1813,17 +1822,15 @@ class Etch::Client
       # Mask off the file type
       fileperms = st.mode & 07777
     end
-
     histperms = origperms & fileperms
-
-    File.chmod(histperms, histpath) if (!@dryrun)
-
-    # Set the permissions on the RCS file too
-    histbase = File.basename(histpath)
-    histdir = File.dirname(histpath)
-    histrcsdir = "#{histdir}/RCS"
-    histrcspath = "#{histrcsdir}/#{histbase},v"
-    File.chmod(histperms, histrcspath) if (!@dryrun)
+    
+    if File.directory?(histdir)
+      Dir.foreach(histdir) do |histfile|
+        next if histfile == '.'
+        next if histfile == '..'
+        File.chmod(histperms, File.join(histdir, histfile)) if (!@dryrun)
+      end
+    end
   end
   
   def get_local_requests(file)
@@ -2202,8 +2209,10 @@ class Etch::Client
     # Note that cp -p will follow symlinks.  GNU cp has a -d option to
     # prevent that, but Solaris cp does not, so we resort to cpio.
     # GNU cpio has a --quiet option, but Solaris cpio does not.  Sigh.
+    # GNU find and cpio also have -print0/--null to handle filenames with
+    # spaces or special characters, but that's not standard either.
     system("cd #{sourcedir} && find #{sourcefile} | cpio -pdum #{destdir}") or
-      raise "Copy #{sourcedir}/#{sourcefile} to #{destdir} failed"
+      raise "Recursive copy #{sourcedir}/#{sourcefile} to #{destdir} failed"
   end
   def recursive_copy_and_rename(sourcedir, sourcefile, destname)
     tmpdir = tempdir(destname)
@@ -2211,7 +2220,17 @@ class Etch::Client
     File.rename(File.join(tmpdir, sourcefile), destname)
     Dir.delete(tmpdir)
   end
-
+  def nonrecursive_copy(sourcedir, sourcefile, destdir)
+    system("cd #{sourcedir} && echo #{sourcefile} | cpio -pdum #{destdir}") or
+      raise "Non-recursive copy #{sourcedir}/#{sourcefile} to #{destdir} failed"
+  end
+  def nonrecursive_copy_and_rename(sourcedir, sourcefile, destname)
+    tmpdir = tempdir(destname)
+    nonrecursive_copy(sourcedir, sourcefile, tmpdir)
+    File.rename(File.join(tmpdir, sourcefile), destname)
+    Dir.delete(tmpdir)
+  end
+  
   def lock_file(file)
     lockpath = File.join(@lockbase, "#{file}.LOCK")
 

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: etch
 version: !ruby/object:Gem::Version 
-  version: "3.13"
+  version: 3.15.0
 platform: ruby
 authors: 
 - Jason Heiss
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-11-14 00:00:00 -08:00
+date: 2010-01-20 00:00:00 -08:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -36,12 +36,9 @@ files:
 - bin/etch
 - bin/etch_cron_wrapper
 - bin/etch_to_trunk
-- etc/ca.pem
-- etc/dhparams
 - lib/etch.rb
 - lib/etchclient.rb
 - lib/versiontype.rb
-- man/man8/etch.8
 - Rakefile
 has_rdoc: true
 homepage: http://etch.sourceforge.net
@@ -67,7 +64,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: etchsyscm
-rubygems_version: 1.3.4
+rubygems_version: 1.3.5
 signing_key: 
 specification_version: 3
 summary: Etch system configuration management client

data/etc/ca.pem

@@ -1 +0,0 @@
-# Add your SSL certificate authority's cert(s) to this file

data/etc/dhparams

@@ -1,9 +0,0 @@
------BEGIN DH PARAMETERS-----
-MIIBCAKCAQEA3HySq1WdL67BCSRCJCZYMUIojAWAsvK63D3cOGk0wI9UeM/yeVhz
-jTswvHOVPZFKIBg1Aeo2eAEdPryDnmjVTgvLbuWkCPouQhBCVsQ1El9ZcXPix1rC
-tYsg4Kll1jgnwFoHf4xvjPnD/SqsASAiDxYlh4CFVyT1gLgSiUU0rIdudgO3agI5
-NgiyGOKwyHmNOOQSKA62M/JnoxcBDC7Nou3lqtHpR5yWsUz+csyk+hXZeUba97bm
-M8OB0PmfK4Vo6JpdO+yc8hjeYBoMsH7g/l3Gm1JqUxxctcY/OuJ+2nkXwsD66E3D
-yZCoiVd3u4OqAxNO/GG0iUmskjIvokMhUwIBAg==
------END DH PARAMETERS-----
-

data/man/man8/etch.8

@@ -1,204 +0,0 @@
-.TH etch 8 "October 2009"
-
-.SH NAME
-
-.B etch
-\- Configuration management for Unix systems
-
-.SH SYNOPSIS
-
-.B etch
-.RB [ --generate-all ]
-.RB [ --dry-run | \-n ]
-.RB [ --damp-run ]
-.RB [ --interactive ]
-.RB [ --full-file ]
-.RB [ --filename-only ]
-.RB [ --disable-force ]
-.RB [ --lock-force ]
-.RB [ --debug ]
-.RB [ --local
-.IR DIR ]
-.RB [ --server
-.IR SERVER ]
-.RB [ --tag
-.IR TAG ]
-.RB [ --test-base
-.IR TESTDIR ]
-.RB [ --key
-.IR PRIVATE_KEY ]
-.RB [ --version ]
-.RB [ --help | \-h ]
-.RI [ "file ..." ]
-
-.SH DESCRIPTION
-
-Etch is a tool for managing the configuration of Unix systems. Etch can manage
-text or binary files, links and directories. The contents of files can be
-supplied from static files or generated on the fly by scripts or templates.
-Permissions and ownership as well as any pre or post commands to run when
-updating the file are configured in simple XML files.
-
-.SH OPTIONS
-.TP
-.B --generate-all
-Request that the server generate and send over all available configuration.
-Can be used instead of specifying specific files to request.
-.TP
-.B --dry-run | \-n
-.B etch
-will not make any changes to the system.  Contents of generated config
-files are displayed instead of being written to disk.
-.TP
-.B --damp-run
-Perform an almost dry run, except that 'setup' entries for files are run.
-Normally all setup/pre/post entries are ignored for a dry run.  However, files
-with setup entries will generally fail to build properly if the setup entry
-hasn't been run.  This allows you to preview the full and correct
-configuration while making minimal changes to the system.
-.TP
-.B --interactive
-Causes
-.B etch
-to pause before making each change and prompt the user for
-confirmation.
-.TP
-.B --full-file
-Normally
-.B etch
-will print a diff to show what changes it will make to a file. This will cause
-.B etch
-to display the full new file contents instead.  Useful if the diff is hard to
-read for a particular file.
-.TP
-.B --filename-only
-Normally
-.B etch
-will print a diff to show what changes it will make to a file. This will cause
-etch to display only the name of file to be changed.  Useful on the initial
-run during your system build process or other times when you want less output.
-.TP
-.B --disable-force
-Ignore the disable_etch file.  Use with caution.  Typically used with
---interactive or --dry-run to evaluate what would happen if etch were
-re-enabled.
-.TP
-.B --lock-force
-.B Etch
-does per-file internal locking as it runs to prevent problems with
-simultaneous instances of the
-.B etch
-client stepping on each other.
-.B Etch
-automatically cleans up lockfiles over two hours old on the assumption that
-any lockfiles that old were left behind by a previous instance that failed for
-some (hopefully transient) reason. In a large environment you don't want to
-have to run around manually cleaning up lockfiles every time a full disk or
-unavailable package server or other transient failure causes
-.B etch
-to fail
-temporarily. This option forces the removal of any existing lockfiles no
-matter how old. Useful if a buggy configuration or local environmental issue
-caused
-.B etch
-to abort and you want to immediately retry.
-.TP
-.BI --local " DIR"
-Read configuration from a local directory rather than requesting it from
-a server.
-.TP
-.BI --server " SERVER"
-Point
-.B etch
-to an alternate server, specified in the form of a URL.
-.TP
-.BI --tag " TAG"
-Request a specific repository tag from the server.  Tags are directory paths
-relative to /etc/etchserver by default.  Thus examples might be
-.I trunk
-for /etc/etchserver/trunk, or
-.I branches/mytestbranch
-for /etc/etchserver/branches/mytestbranch.
-.TP
-.BI --key " PRIVATE_KEY"
-Use an alternate SSH private key file for signing messages that are sent to
-the server.
-.TP
-.BI --test-base " TESTDIR"
-Use an alternate local working directory instead of /var/etch.  Generally only
-used for allowing the etch test suite to be run as a non-root user.
-.TP
-.B --debug
-Print lots of messages about what etch is doing.
-.TP
-.B --version
-Show the etch client version and exit.
-.TP
-.B --help | \-h
-Display the etch usage message and exit.
-
-.SH FILES
-
-.TP
-.B /etc/etch/ca.pem
-SSL certificate(s) needed to verify the
-.B etch
-server's identity. If
-.B etch
-is using a server with an https:// URL and if this file exists then
-.B etch
-will not proceed if the server's SSL certificate can't be verified against the
-certs in this file.
-.TP
-.B /etc/etch/dhparams
-The Diffie-Hellman parameters used as part of the SSL connection process. Etch
-comes with a set and there's no need to generate your own, but a new set can
-be generated via "openssl dhparam" if desired. If this file is not present the
-Ruby SSL library will warn that it is using its internal default set of
-parameters.
-.TP
-.B /var/etch/disable_etch
-If this file is present
-.B etch
-will do nothing other than send a message to the
-.B etch
-server that it is disabled. Any text in this file will be included in
-that message to the server and displayed locally. If you are disabling
-.B etch
-always put a note in this file indicating who you are, today's date, and why
-you are disabling
-.B etch
-so that fellow administrators won't have to guess later why
-.B etch
-was disabled. Re-enabling
-.B etch
-after it has been disabled for a long
-time can be time-consuming, as the person doing so must review any potential
-changes that have been queued up and ensure that they won't interfere with the
-current usage of the system. As such be thoughtful about whether disabling
-.B etch
-is necessary, and re-enable it as soon as possible.
-.TP
-.B /var/etch/history
-A revision history of each
-.B etch
-managed file, stored using the RCS revision control system.
-.TP
-.B /var/etch/locks
-Directory used by the
-.B etch
-internal locking mechanism.  See the --lock-force option for more details.
-.TP
-.B /var/etch/orig
-A backup of the original contents of each
-.B etch
-managed file as it was before etch first touched it.
-
-.SH DIAGNOSTICS
-
-See the --debug option and the server logs.
-
-.SH AUTHOR
-
-.B Etch
-is designed and maintained by Jason Heiss